[Git][security-tracker-team/security-tracker][master] 2 commits: lts: triage CVE-2025-66453/rhino as postponed
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Tue Dec 16 10:47:05 GMT 2025
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
08857440 by Emilio Pozuelo Monfort at 2025-12-16T11:46:51+01:00
lts: triage CVE-2025-66453/rhino as postponed
- - - - -
167f2161 by Emilio Pozuelo Monfort at 2025-12-16T11:46:51+01:00
lts: triage CVE-2025-67899/uriparser as postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -139,6 +139,7 @@ CVE-2025-67899 (uriparser through 0.9.9 allows unbounded recursion and stack con
- uriparser <unfixed>
[trixie] - uriparser <no-dsa> (Minor issue)
[bookworm] - uriparser <no-dsa> (Minor issue)
+ [bullseye] - uriparser <postponed> (Minor issue)
NOTE: https://github.com/uriparser/uriparser/issues/282
NOTE: https://github.com/uriparser/uriparser/pull/284
CVE-2025-67898 (MJML through 4.18.0 allows mj-include directory traversal to test file ...)
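Review bot: The added `[bullseye] - uriparser <postponed> (Minor issue)` line reuses the reason given for the trixie and bookworm `<no-dsa>` entries but does not say what the postponement is waiting on. The two NOTE lines below it are bare links to issue 282 and pull 284, with no label saying whether the pull request is the fix or has been merged. Since the unstable line is still `<unfixed>`, consider labelling the pull request NOTE with its status, so that whoever revisits the postponed entry can tell when a backportable fix exists.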
@@ -5724,6 +5725,7 @@ CVE-2025-66478
REJECTED
CVE-2025-66453 (Rhino is an open-source implementation of JavaScript written entirely ...)
- rhino <unfixed> (bug #1121953)
+ [bullseye] - rhino <postponed> (Minor issue)
NOTE: https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x
NOTE: Fixed by: https://github.com/mozilla/rhino/commit/b333c3ec7a86409d62b0aab315129584fe18cb9e (Rhino1_7_15_1_Release)
NOTE: Fixed by: https://github.com/mozilla/rhino/commit/2bcf4c43deace35f1f57d86377c6767b0608986e (Rhino1_7_14_1_Release)
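Review bot: The added `[bullseye] - rhino <postponed> (Minor issue)` line sits above two `Fixed by:` commits, tagged Rhino1_7_15_1_Release and Rhino1_7_14_1_Release, but nothing in the entry says which of them, if either, applies to the rhino version in bullseye. A short NOTE recording that would save re-triage when the postponed item is picked up. It is also the only release-specific annotation visible in this entry, so if the other supported releases are still to be triaged, the commit message could say that this change covers LTS only.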
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2d6ed73a3bfa9c942969f0a7a1a10dbf169d81d2...167f216126ec73f141320096758aecfd69bff53b